Privacy & Consent Assistant

Plugin Banner

Privacy & Consent Assistant

by Alex

Download
Description

This plugin provides an interface to assist with consent and privacy compliance. It is not guaranteed to satisfy all clauses in the GDPR or any other legal requirements. The policies included in this plugin should be reviewed by your legal team before use.

  1. Upload the unzipped plugin file to the /wp-content/plugins/ directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress
  3. It’s recommended to insert the Company information in the Privacy & Consent admin panel.

1.6.0

  • Added Global Privacy Control support. When a visitor’s browser sends the Global Privacy Control signal (navigator.globalPrivacyControl), the consent bar now shows with Decline pre-selected and a note that some features, like embedded videos and maps, stay off until they choose Accept. Tracking stays blocked until the visitor confirms, and the choice is passed to Google Consent Mode v2 and the Meta Pixel. Several US state privacy laws require honoring this signal. On by default, with an “Honor Global Privacy Control” option under Options > Advanced. Declines made while the signal is present are recorded in the Consent Log as “decline-gpc”.

1.5.0

  • Added custom policies to plugin output. Any Policy you create beyond the four built-ins can now be included via a checkbox under Options > Custom Policies. An included policy joins the front-end subfooter links, gains a merge tag for the consent bar and form consent messages (shown next to its checkbox), and appears under Policy Pages where its source page can be set to the policy itself, a custom URL, or Do Not Use, the same as the built-ins.

1.4.5

  • Fixed: embeds whose src contained a quote character (for example a Google Map for a business with an apostrophe in its name, like “Sid’s”) were mangled when held and restored. The attribute parser now matches the opening quote to its real closing quote, so the other quote type inside the value no longer cuts the URL short. Also normalizes entity encoding so the restored src is not double escaped.

1.4.4

  • Added an optional, anonymized Consent Log. When enabled (off by default), each Accept or Decline is recorded with a random ID, the consent version shown, a salted hash of the IP (never the raw IP), and a UTC timestamp. View, export to CSV, delete by ID, or clear it under the Consent Log tab. Records auto-delete after a configurable retention period. Visitors can fetch their own records via the random ID kept in their own cookie.

1.4.0

  • Add output buffer script consent
  • Added a consent management link so visitors can change their choice anytime. The subfooter now shows a “Cookie Settings” link (when the consent bar is enabled and something is being gated) that re-opens the bar to opt out or opt back in. Also available as the [trm_gdpr_consent_settings label=”…”] shortcode, or as a nav menu item: add a Custom Link pointing at “#trm-gdpr-consent” and it re-opens the bar. Opting out after having opted in reloads the page so the already-running trackers are actually cleared.

= 1.3.0
* Added consent based script blocking. Third party tracking tags (Google Analytics, Google Tag Manager, Meta Pixel, and similar) are held inert until a visitor opts in, so no request reaches a tracker before consent. On by default, with a “Disable Script Blocking” option per site.
* Consent bar now offers explicit Accept and Decline controls instead of passive dismissal. Decline hides the bar and leaves tracking blocked.
* Blocked scripts re-activate client side after Accept, so cached pages stay safe for every visitor.
* On a choice, the consent state is also pushed to Google Consent Mode v2 (gtag) and the Meta Pixel (fbq) when those libraries are present, so they agree with the gate.
* Fixed: the admin menu used a slug ending in .php, which put a file path in the page argument and the form referer and could trip server mod_security rules (403 on Save Options). Switched to a plain slug.
* Added embed blocking, a separate setting from script blocking. Embedded videos and widgets (YouTube, Vimeo, Maps, social) send the visitor’s IP to a third party on page load, the same exposure as analytics. Levels: Off, Block known video and social embeds (default), or Block all third party iframes. Blocked embeds load the moment consent is given. Embed blocking also catches embeds built in JavaScript, including the WordPress custom header video (which injects a YouTube player), by holding the loader script until consent.
* Added a “Do Not Use” choice per policy. A policy set to Do Not Use is hidden across the front end: the subfooter, the consent bar and form consent messages (its merge tag and a stray separator are removed so the sentence still reads cleanly), and its shortcode outputs nothing.

= 1.2.0.2
* Fixed issues with filtering content and showing update-policy nags

= 1.2
* Introduced basic CCPA compliance
* Yearly notices added in admin for custom policies
* Default policies now based in remote SVN for easier updating
* Policies language updated to include 12 month default

= 1.1.0.2
* fixed overwriting consent bar not working in some cases

= 1.1.0.1
* added default color overrides

= 1.1
* Shortened default Consent Bar text, and adjusted CSS/svg placementment to accommodate

1.0.8.5

  • Fixed genesis_get_option error

1.0.8.4

  • Stable Tag Version Mixed Up

1.0.8.3

  • Updated JS to prevent erroneous console errors while still removing notices

1.0.8

  • JavaScript is now compiled with Babel for compatibilty
  • Removed PHP functionality for Consent Bar removal, as it conflicted with caching mechanisms on the server
  • Consent Bar is always rendered, and removed if consented to or faded in if not.

1.0.7.4

  • Removed spaces from cookie for syntactic purposes

1.0.7.3

  • Fixed a syntax Error when setting cookies

1.0.7.2

  • Default Consent Cookie to expire in 1 year

1.0.7

  • Prevented Genesis Specific errors

1.0.6

  • Replaced Dynamic CSS file with Dynamic CSS option.
  • Forced Positioning and colors on Consent Messages to better accommodate all themes.

1.0.5

  • Better sanitization/validation methods when saving options
  • Fixed minor JS errors on non-post editor pages.

1.0.4

  • Increased security with hiding Dynamic Delete form consents.
  • Modified JS errors thrown when illegally submitting Dynamic Delete requests.
  • Increased security and sanitization with Admin Options.
  • Prevented “Direct File Access” to PHP files.

1.0.3

  • Attempt to hide existing policy links with CSS
  • Add option to disable “hide existing links” feature
  • Make Feature Options easier to add in the future.
  • Changed Name to Privacy & Consent Assistant

1.0.2

  • Options weren’t setting and Policies not being created on Network Activation. Accounted for that now.

1.0.1

  • Initial Release
Back to top